CVE-2019-17598

Опубликовано: 05 нояб. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.

Ссылки

https://www.playframework.com/security/vulnerability
Release Notes
Vendor Advisory
https://www.playframework.com/security/vulnerability/CVE-2019-17598-PlayWSHttpConnectAuthorizationHeaders
Vendor Advisory
https://www.playframework.com/security/vulnerability
Release Notes
Vendor Advisory
https://www.playframework.com/security/vulnerability/CVE-2019-17598-PlayWSHttpConnectAuthorizationHeaders
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:lightbend:play_framework:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.5.19 (включая)

cpe:2.3:a:lightbend:play_framework:*:*:*:*:*:*:*:*

Версия от 2.6.0 (включая) до 2.6.23 (включая)

EPSS

Процентиль: 36%

0.0015

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-326

Связанные уязвимости

GHSA-442g-gcg6-mhm4